佐藤 彰洋 (サトウ アキヒロ)

SATOH Akihiro

Title

Assistant Professor

Laboratory Address

1-1 Sensui-cho, Tobata-ku, Kitakyushu-shi, Fukuoka

Research Fields / Keywords

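Graduate School

  • March 2011  Tohoku University  Graduate School of Information Sciences  Department of Computer and Mathematical Sciences  Doctoral course (second term)  Completed  Japan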

Degree

  • Tohoku University -  Ph.D. (Information Sciences)  March 2011

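Employment History at the University

  • April 2020
    -
    Present

    Kyushu Institute of Technology   Information Infrastructure Center   Assistant Professor  

  • April 2011
    -
    March 2020

    Kyushu Institute of Technology   Information Science Center   Assistant Professor  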

 

Papers

  • Update of the Campus-Wide Secure Network at Kyushu Institute of Technology (On the Update in Fiscal Year 2019)

    中村豊, 佐藤彰洋, 福田豊, 和田数字郎, 岩崎宣仁

    Technical Report on Internet and Operation Technology      February 2020

  • Discrimination of Malicious Domains Generated by Dictionary-Based DGA Bots

    佐藤彰洋, 福田豊, 和田数字郎, 中村豊

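    Proceedings of the Internet and Operation Technology Symposium      80 - 86   December 2019

  • Detection of Dictionary-Based DGA Bots Focusing on Word Co-occurrence Relationships in Domains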

    佐藤彰洋, 福田豊, 和田数字郎, 中村豊

    IEICE Technical Report    119 ( 343 ) 39 - 44   December 2019

  • A Cause-Based Classification Approach for Malicious DNS Queries Detected through Blacklists

    Satoh A., Nakamura Y., Fukuda Y., Sasai K., Kitagata G.

    IEEE Access    7   142991 - 143001   September 2019  [Peer-reviewed]

    © 2013 IEEE. Some of the most serious security threats facing computer networks involve malware. To prevent this threat, administrators need to swiftly remove the infected machines from their networks. One common way to detect infected machines in a network is by monitoring communications based on blacklists. However, detection using this method has the following two problems: no blacklist is completely reliable, and blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. Therefore, simply matching communications with blacklist entries is insufficient, and administrators should pursue their detection causes by investigating the communications themselves. In this paper, we propose an approach for classifying malicious DNS queries detected through blacklists by their causes. This approach is motivated by the following observation: a malware communication is divided into several transactions, each of which generates queries related to the malware; thus, surrounding queries that occur before and after a malicious query detected through blacklists help in estimating the cause of the malicious query. Our cause-based classification drastically reduces the number of malicious queries to be investigated because the investigation scope is limited to only representative queries in the classification results. In experiments, we have confirmed that our approach could group 388 malicious queries into 3 clusters, each consisting of queries with a common cause. These results indicate that administrators can briefly pursue all the causes by investigating only representative queries of each cluster, and thereby swiftly address the problem of infected machines in the network.

  • Clustering malicious DNS queries for blacklist-based detection

    Satoh A., Nakamura Y., Nobayashi D., Sasai K., Kitagata G., Ikenaga T.

    IEICE Transactions on Information and Systems    E102D ( 7 ) 1404 - 1407   July 2019  [Peer-reviewed]

    Copyright © 2019 The Institute of Electronics, Information and Communication Engineers. Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide the sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.

KAKENHI Grants Awarded

  • Research on an Active Darknet Observation System

    Grant-in-Aid for Young Scientists (B)

    Research period:  April 2014  -  March 2016

    Project number:  26730066